privacy security

Zero-day in Sign in with Apple

Apply awarded a 100K bug bounty for a relatively simple – but admittedly high impact – bug. This researcher got lucky.

What if I say, your Email ID is all I need to takeover your account on your favorite website or an app. Sounds scary, right? This is what a bug in Sign in with Apple allowed me to do.

Source: Zero-day in Sign in with Apple


A first look at Unreal Engine 5 – Unreal Engine

As usual, Unreal’s demo are always super impressive. New features in Unreal Engine 5: unlimited polygon, real-time global illumination. Other than realistic animation, these are like the holy-grail of real-time graphics. We’ll have to wait till 2021 to see if they can deliver these in actual production.

The following images are not 3D renders. They are screenshots from the actual real-time demo.

Nanite virtualized micropolygon geometry frees artists to create as much geometric detail as the eye can see. Nanite virtualized geometry means that film-quality source art comprising hundreds of millions or billions of polygons can be imported directly into Unreal Engine—anything from ZBrush sculpts to photogrammetry scans to CAD data—and it just works. Nanite geometry is streamed and scaled in real time so there are no more polygon count budgets, polygon memory budgets, or draw count budgets; there is no need to bake details to normal maps or manually author LODs; and there is no loss in quality

Source: A first look at Unreal Engine 5 – Unreal Engine


The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet | WIRED

The storytelling here is fantastic. It reads like drama, but it actually happened in real life. This is the story of the hacker who stopped WannaCry. It’s a long article but definitely worth reading till the end.

At 22, Marcus Hutchins put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.

Source: The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet | WIRED


ICANN Board Withholds Consent for a Change of Control of the Public Interest Registry (PIR) – ICANN

The internet community dodged a bullet today. The fate of the .org domain was up in the air recently until finally ICANN rejected it amidst public pressure. See the backstory here.

Source: ICANN Board Withholds Consent for a Change of Control of the Public Interest Registry (PIR) – ICANN

privacy security

The problem with Zoom

The rise of Zoom is undeniable in today’s climate. Work, school, communities, etc. are all adopting Zoom and other video messaging platform as a primary means of communication. However, Zoom – the company – has some questionable practices, which leads to Zoom – the product – having many security and privacy issues. Here is an entire article devoted to problems with Zoom:

Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself

The problems with Zoom extend beyond its recent troubles. More articles related to Zoom issues:

MOE suspends use of Zoom in home-based learning following breaches involving obscene images

Who has banned Zoom? Google, NASA, and more

‘Zoombombing’ City Hall: Online Harassment Surges As Public Meetings Go Virtual

Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore

Zoom admits some calls were routed through China by mistake

Security and Privacy Implications of Zoom

Thousands of Zoom video calls left exposed on open Web

A Quick Look at the Confidentiality of Zoom Meetings

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom is Leaking Peoples’ Email Addresses and Photos to Strangers

Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account

The Zoom Desktop App Lets Any Website Take Over Your Mac’s Camera. Here’s What To Do About It.

Apple has pushed a silent Mac update to remove hidden Zoom web server


Activists created a 12.5 million block digital library in ‘Minecraft’ to bypass censorship laws (MSFT) [ARTICLE] – Pulse Ghana

Activists created a digital library in Minecraft. There are some criticisms about the practicality of this movement, but you cannot deny that the library building is very impressive – the designers have put a lot of thought into each “wing”.

Reporters Without Borders created “The Uncensored Library” within “Minecraft” as what it calls a “loophole to overcome censorship.” The digital library in an open “Minecraft” server has articles and information that has been censored in many countries, but is accessible through the game.

Source: Activists created a 12.5 million block digital library in ‘Minecraft’ to bypass censorship laws (MSFT) [ARTICLE] – Pulse Ghana

network security

Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 FlawSecurity Affairs

A severe vulnerability is discovered in one of the core components of Windows. Microsoft has since released an urgent out-of-band patch to all affected machines.

“Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.” reads the advisory published by Microsoft.

Source: Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 FlawSecurity Affairs

3D gis

Comparing Google Maps 3D with Singapore’s OneMap3D

OneMap3D is envisioned to be “Asia’s first, open-source 3D nationwide map”.

OneMap 3D (sic) will enable users to orient themselves in a three-dimensional representation of the real world, empowering them to navigate around identifiable landmarks, walkways and even void deck spaces. OneMap 3D will first be launched to developers by the end of 2020.


  1. Full disclosure: we are enrolled in OneMap3D Developer Programme and are bounded by the NDA. The following content does not reveal anything that is forbidden by the NDA.
  2. It appears that earlier articles use the term “OneMap 3D” and recent ones “OneMap3D”. For consistency we will use the term “OneMap3D”.


In 2014, Singapore announced the launch of the Smart Nation Initiative, of which Virtual Singapore is a key feature. One of the products of Virtual Singapore is the island-wide 3D map of Singapore. Today, the custodian of this 3D map is the Singapore Land Authority (SLA), and the platform in which this data will be available is called OneMap3D.

This article primarily focuses on the comparison of 3D model available on Google Maps and OneMap3D. Other aspects such as API capabilities etc are not explored.

Google Maps 3D

When Google Maps was launched, the world of digital mapping was introduced to the masses. It began with making tile-based maps accessible through the browser. Then Google acquired a company called KeyHole and took over the product to be launched as Google Earth, a desktop application. Google Earth was its foray into interactive 3D mapping – fulling Neal Stephenson’s vision in a round-about way since the original KeyHole application was said to be inspired by the author’s novel.

Nowadays, the line is blurring between Google Maps and Google Earth since the former is capable of showing 3D content as well. On your modern desktop browser, just turn on Satellite mode and if the area happens to have 3D content it will be shown. Singapore is lucky enough to have this feature enabled for a large part of the main island. Our comparison will be based on the 3D content available through Google Maps.


OneMap3D is envisioned to be the upgrade from the existing OneMap service provided by SLA. By enrolling in the OneMap3D Developer Programme, we are given access to 1) 3D building models, and 2) API to access 3D models.

The 3D building models are provided in CityGML version 2 format. For those who are unfamiliar, “CityGML is an open data model and XML-based format for the storage and exchange of virtual 3D city models.”. It is both an OGC as well as an ISO standard.

The tools for processing CityGML are quite lacking unfortunately, as commercial support is not high. For the purpose of this comparison, we will import CityGML files into 3DCityDB, and export it out as a COLLADA file.

First Look

Google Maps
OneMap 3D

At this zoom distance, both models in Google Maps and OneMap3D look quite good. It may not be apparent, but the water tanks on the rooftops for OneMap3D are modelled separately.

Another Example

Google Maps
OneMap 3D

For a more articulated building, OneMap3D clearly shines. One can see small features such as the cross on the rooftop and words on the facade can be read.

Model Representation

Google doesn’t reveal how its 3D mapping content is constructed but one can try to guess. One FAQ for Google Earth – which probably shares the same data sources as Google Maps – says that imagery collected includes “satellite, aerial, 3D, and Street View images” from “providers and platforms”. The fusion of all these data into a model should be largely automated and powered by their proprietary algorithms.

Based on how 3D contents are streamed in Google Maps, they should be using some form of progressive mesh techniques.

OneMap3D models are based on buildings and each building is provided as a CityGML file. The likely data sources include LiDAR, aerial photography, site survey, official building footprint, etc. It is apparent that the models are handcrafted through some modelling software and converted to the designated format.

OneMap 3D building mesh


As with most things, there are pros and cons to either modelling approaches. Here is a non-exhaustive comparison:


Pros Cons
Clean modelColors/textures can be inconsistent
OptimizedTextures can look repetitive
Sharp even when zoomed inSubject to human errors
Small features can be seenLabour intensive
Ground-level details can be seen
Inconsistent texture quality between roof and facade
Ground level details can be seen

Google Maps

Pros Cons
Consistent look and feel“Melted building” syndrome when close-up
Scalable to large areasEdges are not straight
Occasional artifacts
Building not separated from terrain mesh
Shadows are not removed
Visual artifacts

More OneMap3D Examples


OneMap3D represents the herculean effort of creating and maintaining an up-to-date database of 3D building models for the whole of Singapore.

Google Maps approach on the other hand, allows it to scale to potentially any city in the world. And it will only get better with newer data acquisition techniques and algorithms.

Beyond 3D representation, however, OneMap3D’s models also contain rich semantic information that allows it to be used in different types of applications, eg. computing roof surface area. And since buildings are standard 3D assets, they can be used in various types of 3D applications such as VR, gaming, rendering etc. There are clearly pros and cons of either approach and we are excited to see the types of applications that OneMap3D will bring when it officially launches end of the year.

Edit: Contact me if you would like to know more about converting OneMap3D data to other commonly used 3D formats.

privacy security

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

This vulnerability affects WhatsApp desktop – which I didn’t know exists – for Mac and Windows. It does so by exploiting unpatched bugs in the older version of Electron that WhatsApp desktop uses.

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

Source: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

internet programming

Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy

Yet another potentially breaking change on the web. This time round it involves cookie handling (in the upcoming Chrome 80). The objective is to close off a class of attacks known as CSRF (cross-site request forgery). Expect other browsers to follow suit.

… any websites you’re responsible for that are passing cookies around cross domain by POST request and don’t already have a SameSite policy are going to start misbehaving pretty quickly

Source: Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy